PCI Compliance:
Ignorance is Not a Defense
May 19, 2009
9:45 a.m. – 10:45 a.m.
Disclaimer
The opinions of the contributors expressed herein do not necessarily
state or reflect those of the National Association of Convenience
Stores. Reference herein to any specific commercial product, process,
or service by trade name, trademark, manufacturer, or otherwise, shall
not constitute or imply an endorsement, recommendation, or support
by the National Association of Convenience Stores. The National
Association of Convenience Stores makes no warranty, express or
implied, nor does it assume any legal liability or responsibility for the
accuracy, completeness, or usefulness of any information, product, or
process described in these materials.
PCI Compliance Panel
Name                                    Company
Dan Glennon                             Cybera, Inc.
  Senior VP of Marketing & Strategy
Dave Faoro                              VeriFone, Inc.
  VP & Chief Security Officer
Shekar Swamy                            American Technology Corp.
  President
Mikey Kindler                           Gilbarco Veeder-Root
  POS Marketing Director
Gray Taylor
Ann Seki                                Chevron Corporation
  Global Marketing Global Card Systems
Lisa Stewart (Moderator)                Impact 21 Group, LLC
  President
Lisa Stewart, Impact 21 Group
Lisa Stewart is Managing Partner and President of Impact 21 Group, LLC, a
retail consulting company specializing in leveraging retail technologies,
category management and business intelligence.
• PCATS Board Member and Chair of the PCATS Technical Advisory Committee
• Longtime member of various NACS Standards committees
• Impact 21 Group co-authored NACS Future Study 2000-2005
• Over 18 years of practical and technical experience in the convenience
store/retail industries
• Formerly with SuperAmerica and Speedway/SuperAmerica, Pricebook and
Retail Automation Management
• BA Marketing, Eastern Kentucky University
• Happily married 15 years with 2 very active boys
Fun Fact:
I’ve been burnt – Restaurant at a NACS Show, Las Vegas. Restaurant staff scanned credit card with
a skimming device. $3,000 at Wal-Mart that very week
Dan Glennon, Cybera, Inc.
Dan Glennon is Senior Vice President of Marketing & Strategy for Cybera, Inc.
• Dan joined Cybera in October 2006 to lead the company's business
development, product development, and marketing initiatives, playing a key
role in the company's new product launches, strategic alliances, and overall
profile in the industry
• Previously, Dan was with BellSouth Telecommunications, where he held the role
of Senior Director of Product Management. In his role at BellSouth he
established and led a Center of Excellence dedicated to the optimization of
customer lifetime value and retention.
• Prior to BellSouth he served as a Principal at Diamond Management &
Technology Consultants, where he led marketing and strategy-focused
engagements for the telecommunications and data networking industry.
• Glennon's sales and marketing experience also includes positions with Intel
Corp.'s Internet and Communications Group and Avdata Systems Inc., a data
network service provider.
Fun Fact:
His card information was taken at a C-store… lots of charges before recovery!!
Dave Faoro, VeriFone, Inc.
Dave Faoro is Vice President and Chief Security Officer, VeriFone, Inc.
• Responsible for worldwide product security certifications
• A 20-year veteran of the electronic payments industry
• Mr. Faoro has delivered products into every facet of the payments market,
including customer facing multi-lane, PINpads, desktop, and wireless systems
• He represents VeriFone on the ANSI X9F – Data and Information Security
standards committee and PCI Security Standards Council Board of Advisors
Fun Fact:
Given what he knows about PCI compliance, Dave does not use a debit card… especially at C-stores
Shekar Swamy, American Technology Corp.
Shekar Swamy is a co-founder of ATC, which specializes in developing and
implementing systems for convenience store chains and sales forces of large
companies as well as providing full scale solutions for PCI compliance,
security and systems management for retail chains.
• Over 20 years in Information Technology as a consultant and senior
executive in major corporations; an expert in developing, implementing and
deploying systems for remote and mobile users in retail chains and sales forces
• Prior to ATC, he served as VP of Client Services at the Dun & Bradstreet
Corporation, Sales Technologies Division
• National Sales Manager at TALX Corporation, responsible for penetrating an
emerging market for voice response and hand-held computer-based
information delivery systems
• Married to Vidya with 2 children in college and is an amateur photographer
Fun Fact:
Shekar loves to sing for his enjoyment and his family is used to tolerating his improvisational music!
Mikey Kindler, Gilbarco Veeder-Root
Mikey Kindler is Director of Marketing for POS at Gilbarco Veeder-Root.
• Manages the strategic growth and positioning of the POS business including
roadmap development and 3rd-party partnerships
• Mikey joined Danaher as a Manufacturing Manager in 2005, served a variety of
operations and commercial roles at Fluke and Fluke Networks, and came to
Gilbarco full time in 2008
• Prior to her work with Danaher, Mikey was with A.T. Kearney, where she advised
pharmaceutical and CPG clients on post-merger integration, strategy and
operations in North America and Europe
• Mikey received a Bachelor of Science degree in Economics from MIT and an
MBA from Harvard Business School
Fun Fact:
Mikey is a kick-boxer and a pianist – tough to protect the hands!!
Ann Seki, Chevron Corporation
Ann Seki is PCI Program Manager in Chevron’s Marketing Organization.
• Currently tasked with managing the PCI Program portfolio at Chevron for PCI
projects.
• Ann received a Bachelor of Science degree in Math and Economics from Coe
College and an MBA from Washington University in St. Louis
Topics for Discussion Today
WHAT YOU NEED TO KNOW
• Where does the responsibility and liability ultimately lie?
• Communication - How to be clear when it is unclear
WHAT YOU NEED TO DO
• Improve Security and Watch out for these Areas
• Put required tools and processes in place
• Data management and PCI security requirement integration
• Impact on the business and IT staff
HOW TO GET PROPER ASSISTANCE
• Mitigate Risks – Who, what, when, where…
References
• PCI DSS (Payment Card Industry - Data Security Standards): pcisecuritystandards.org
• NACS is a current PCI Security Council member: NACSonline.com
Dates
• DSS 1.2, October 1, 2008 – did not introduce new requirements, but provided more specific details (e.g., includes
important language about the operating system: Windows, Unix, Linux, Mac)
• PCI EPP, July 1, 2010 – All attended and unattended PEDs (including AFDs) must utilize TDES for PIN data
• PCI PA-DSS, July 1, 2010 – All POS systems must be PA-DSS compliant (VISA-only requirement)